Image by Simon Steinberger from Pixabay.
What comes into your mind when you think about risks?
Before knowing much about risk management, my first associations for risks were uncertainty, loss, pain. That did not sound comfortable to me.
Today I know a lot more about risk management. To be honest, loss and pain still do not sound comfortable. Uncertainty however does sound acceptable to me now, otherwise I would not be self employed. Why is that?
In this post I share what I believe is all you need to understand about risk management. I hope some of the associations you had in mind when you thought about risks will sound less scary to you after reading this post.
What is a Risk?
There are many definitions and colloquial meanings for risk. My understanding is based on the ISO 31000 definition.
Accordingly, a risk is the “effect of uncertainty on objectives“. This effect can be positive or negative. Beyond this ISO definition, instead of “risk” the term “opportunity” is widely used for positive effects. Don’t worry, I have an example:
Imagine you want to earn money with shares of a specific company. You analyze the company and set your objective to earn 100 € after one year. Of course there is an uncertainty on the exact future evolution of the share value. The effect could be that you earn less than 100 € (“risk“). But there could also be a positive effect of earning more (“opportunity“).
Can you see why I am quite comfortable to accept uncertainty in the meantime?
What is important to understand about Risk Management?
Does risk management eliminate risks? No, that is a myth about risk management. Even with the best approach, residual risks remain. Such as the risk that you do not identify all relevant risks.
If you perform risk management, you
- know the risks of your project or business
- perform measures that reduce the likelihood that risks occur
- know measures that limit the consequences, in case a risk occurs
- spend some money for risk management, but you save even more money for compensation
So what does risk management do?
Know Your Risks And Opportunities
Risk management helps to know which risks and opportunities exist, what causes them and which consequences they have. If you know the risks, you can do something about them.
Reduce The Likelihood That Risks Occur
Risk causes are identified and their likelihood is determined. Having an idea what can cause an undesired effect (risk cause), you are able to think about measures. These preventive measures are suitable to reduce the likelihood of a risk cause to happen.
Talking about opportunities, it may be beneficial to find measures that increase the likelihood of the risk cause.
Be Aware Of The Residual Risk
No matter how good your preventive actions are, a residual risk will remain. Preventive measures can only reduce the likelihood that a risk occurs. Or they can increase the likelihood that opportunities become real
Risk management does not eliminate risks. In my opinion, this is the most important statement about risk management. Be aware, there is always a residual risk.
Limit The Consequences
Knowing that risks cannot be eliminated, you may agree that it makes sense to be prepared.
For each risk, possible consequences are considered. If you know what consequences an undesired effect can have, you can think about measures. Corrective measures aim on limiting negative consequences.
Looking at opportunities, you could define measures that increase the positive effects.
Decide Which Risks Can Be Accepted
The level of risk is a measure that indicates the magnitude of a risk. The level of risk combines the likelihood of a risk and the severity of its consequence. It is a general indicator for the priority a particular risk should have.
The way to determine the level of risk depends on the specific situation. It is part of the risk policy of a company or a project. Based on the level of risk, the policy will also define which risks or residual risks can be accepted.
Monitor Risks Over Time
Over time, the level of risk can change. Some risks disappear in the course of time. Other risks increase. New risks may appear. Taken measures may not be as effective as expected. Good risk management depends on accurate information and data.
That is why I think it is important that risk management does not end with the definition of measures. Risk monitoring is an important management task.
Risk Management Does Save Money
I believe in this statement about risk management: Over the life cycle of a project or business, risk management does save money.
Of course, implementation and execution of risk management initially costs money. Someone has to do it, and that someone usually does not do it for free. Beyond that, most measures to prevent risks cost money.
The cost effectiveness is one of the key considerations about risk management. For the decision whether a preventive measure will be implemented, the following criteria are considered:
- Is the level of risk acceptable without the measure?
- Will the measure significantly reduce the level of risk?
- Will the expected benefit of the measure be greater than its cost?
Also the preparation of corrective measures can save money. Just imagine how much time it would take when you have to develop a corrective measure after a risk occurred. How much damage could occur during this time.
With these considerations I am confident, that risk management does save money. What about you?
I believe this is all you need to understand about risk management if you want to decide whether
- you want to perform risk management in your project or company
- you want to employ or contract a risk manager
- you want to learn how to actually manage risks
Do you want to know how you can take your project to success? Read here.